Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for generating, at a user computer connectable to a server via a network, a secret cryptographic key of the user computer, the method comprising: providing at the user computer a secret user value; providing at the server a secret server value and a check value which encodes the secret user value and a user password; at the user computer, in response to input of an input password, encoding the secret user value and the input password to produce a first value corresponding to said check value, and communicating the first value to the server via the network; at the server, in response to communication of the first value, comparing the first value and the check value to check whether the input password equals the user password and, if so, encoding the first value and said secret server value to produce a second value and communicating the second value to the user computer via the network; and at the user computer, in response to communication of the second value, generating the secret cryptographic key by encoding the second value, the input password and the secret user value.
A method for generating a secret cryptographic key involves a user computer and a server communicating over a network. The user computer has a stored secret user value. The server has a stored secret server value and a check value (encoding of secret user value and user password). Upon password input, the user computer encodes the secret user value and input password to produce a first value, which is sent to the server. The server compares this first value with the stored check value. If they match (input password is correct), the server encodes the first value and the secret server value to create a second value, sending it back to the user computer. Finally, the user computer generates the secret cryptographic key by encoding the second value, the input password, and the secret user value.
2. A method as claimed in claim 1 including, in a setup procedure, prior to generation of said key: at the user computer, in response to input of said user password, encoding the secret user value and the user password to produce said check value, and communicating the check value to the server via the network; and at the server, storing the received check value.
Before any key is generated under Claim 1, a setup procedure runs: the user computer, on input of the user password, encodes the secret user value and the user password to produce the check value and sends it to the server over the network, and the server stores the received check value. The key-generation exchange of Claim 1 is then carried out against this stored check value.
3. A method as claimed in claim 2 including, in said setup procedure: at the user computer, generating and storing the secret user value; and at the server, generating and storing the secret server value.
In the setup procedure of Claim 2, the user computer additionally generates and stores the secret user value, and the server generates and stores the secret server value, so that each party holds its own secret before the check value is produced and exchanged.
4. A method as claimed in claim 2 wherein the setup procedure includes: at the server, encoding said received check value and said secret server value to produce said second value and communicating the second value to the user computer via the network; and at the user computer, in response to communication of the second value, generating the secret cryptographic key for a first time by encoding the second value, the user password and the secret user value, using the key in a cryptographic operation, and deleting the user password, the check value, the second value and the key after use.
In the setup procedure of Claim 2, the server also encodes the received check value and the secret server value to produce the second value and sends it to the user computer. On receiving it, the user computer generates the secret cryptographic key for the first time by encoding the second value, the user password and the secret user value, uses the key in a cryptographic operation, and then deletes the user password, the check value, the second value and the key. After setup the user computer retains the secret user value but none of the deleted items.
5. A method as claimed in claim 1 including: providing at the user computer a user identifier for uniquely identifying the user computer to the server; at the server, providing the user identifier with the check value for the user computer; and at the user computer, communicating the user identifier to the server with said first value.
Claim 1 is extended with a user identifier that uniquely identifies the user computer to the server. The server keeps the user identifier together with that user computer's check value, and the user computer sends the user identifier to the server along with the first value, so that the server can associate the first value with the right check value.
6. A method as claimed in claim 5 including, at the user computer, encoding the user identifier in the first value.
In Claim 5's method, the user computer also encodes the user identifier into the first value itself, in addition to communicating it to the server.
7. A method as claimed in claim 5 including, at the user computer, encoding the user identifier in the cryptographic key.
In Claim 5's method, the user computer also encodes the user identifier into the secret cryptographic key, so the generated key is bound to that user computer's identity.
8. A method as claimed in claim 5 including, at the server, encoding the user identifier in the second value.
In Claim 5's method, the server encodes the user identifier into the second value it returns to the user computer, so the second value is bound to the identified user computer.
9. A method as claimed in claim 6 including: at the server, providing a server identifier for uniquely identifying the server to the user computer; at the user computer, retrieving the server identifier and encoding the server identifier in said first value; at the server, encoding the server identifier in the second value; and at the user computer, encoding the server identifier in the cryptographic key.
Claim 6's method adds a server identifier that uniquely identifies the server to the user computer. The user computer retrieves the server identifier and encodes it into the first value; the server encodes it into the second value; and the user computer encodes it into the cryptographic key. Combined with Claim 6, the first value therefore carries both the user identifier and the server identifier, while the second value and the resulting key carry the server identifier.
10. A method as claimed in claim 1 including establishing, via interaction of the user computer and the server, a secure channel over said network, wherein said communicating by the user computer and server is conducted over the secure channel.
Claim 1's method further establishes a secure channel over the network through interaction of the user computer and the server, and the communication of the first and second values between them takes place over that secure channel.
11. A method as claimed in claim 1 including, at the server, implementing a throttling mechanism in dependence on whether the input password equals the user password.
In Claim 1's method, the server implements a throttling mechanism whose behavior depends on whether the input password equals the user password: after a failed comparison of the first value with the check value, the server can slow down or limit further attempts, the usual purpose being to resist brute-force password guessing.
12. A method as claimed in claim 1 wherein: the check value encodes the secret user value and the user password via a hash function; the user computer produces the first value by encoding the secret user value and the input password via said hash function; the server produces the second value by encoding the first value and the secret server value via said hash function; and the user computer generates the secret cryptographic key by encoding the second value, the input password and the secret user value via said hash function.
In Claim 1's method, every encoding step uses one hash function: the check value is the hash of the secret user value and the user password; the user computer produces the first value by hashing the secret user value and the input password with the same function; the server produces the second value by hashing the first value and the secret server value; and the user computer generates the secret cryptographic key by hashing the second value, the input password and the secret user value. Because the check value and the first value are computed with the same function over the same secret user value, they match when the input password equals the user password and differ otherwise (barring a hash collision).
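The following is an added worked example of the exchange described in Claims 1 through 12, written for this page; it is not code from the patent or from any product. It assumes SHA-256 over length-prefixed inputs as the single hash function of Claim 12, 32-byte random secrets for the secret user value and secret server value of Claim 3, user and server identifiers encoded into the values as in Claims 6 through 9, and a lockout after five consecutive failures as one possible throttling mechanism under Claim 11. The secure channel of Claim 10 is not modelled; the two parties are plain Python objects calling each other directly.

```python
import hashlib
import hmac
import os


def H(*parts: bytes) -> bytes:
    """Claim 12 'hash function': SHA-256 over length-prefixed parts (assumed encoding)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


class Server:
    """Claim 15: holds the secret server value, per-user check values and a throttle (Claim 11)."""

    MAX_FAILURES = 5  # assumed throttling policy, not fixed by the claims

    def __init__(self, server_id: bytes):
        self.server_id = server_id                  # Claim 9: server identifier
        self.secret_server_value = os.urandom(32)   # Claim 3: generated and stored at the server
        self.users = {}      # user identifier -> check value (Claim 5)
        self.failures = {}   # user identifier -> consecutive failed comparisons (Claim 11)

    def register(self, uid: bytes, check_value: bytes) -> bytes:
        """Setup (Claims 2 and 4): store the check value and return the second value."""
        self.users[uid] = check_value
        self.failures[uid] = 0
        return H(check_value, self.secret_server_value, self.server_id)   # Claim 9

    def respond(self, uid: bytes, first_value: bytes):
        """Claim 1 server step: compare first value with check value; throttle on failure."""
        if uid not in self.users:
            return None
        if self.failures[uid] >= self.MAX_FAILURES:
            return None   # throttled: refuse even a correct password until an operator resets
        # constant-time comparison so the check does not leak how many bytes matched
        if not hmac.compare_digest(first_value, self.users[uid]):
            self.failures[uid] += 1
            return None
        self.failures[uid] = 0
        return H(first_value, self.secret_server_value, self.server_id)


class UserComputer:
    """Claim 14: stores only the secret user value and identifiers; never the password or key."""

    def __init__(self, uid: bytes, server: Server):
        self.uid = uid                               # Claim 5: user identifier
        self.server = server
        self.server_id = server.server_id            # Claim 9: retrieved from the server
        self.secret_user_value = os.urandom(32)      # Claim 3: generated and stored at the user

    def first_value(self, password: str) -> bytes:
        # Claims 1, 6 and 9: secret user value, input password and both identifiers
        return H(self.secret_user_value, password.encode(), self.uid, self.server_id)

    def setup(self, password: str) -> bytes:
        """Claims 2 and 4: the check value is the first value computed on the real password."""
        check_value = self.first_value(password)
        second_value = self.server.register(self.uid, check_value)
        return self._key(second_value, password)   # locals are dropped on return (Claim 4 deletion)

    def derive_key(self, password: str):
        """Claim 1 user steps: returns the key, or None if the server rejected or throttled."""
        second_value = self.server.respond(self.uid, self.first_value(password))
        if second_value is None:
            return None
        return self._key(second_value, password)

    def _key(self, second_value: bytes, password: str) -> bytes:
        # Claims 1 and 9: key = H(second value, input password, secret user value, server id)
        return H(second_value, password.encode(), self.secret_user_value, self.server_id)


def demo():
    """Returns (same key at setup and later, wrong guesses rejected, lockout after 5 failures)."""
    server = Server(b"server-A")
    user = UserComputer(b"alice", server)
    k_setup = user.setup("correct horse")
    k_again = user.derive_key("correct horse")
    wrong = [user.derive_key("wrong guess") for _ in range(Server.MAX_FAILURES)]
    locked = user.derive_key("correct horse")   # correct password, but throttled now
    return k_setup == k_again, all(w is None for w in wrong), locked is None


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three properties the claims are built around: the key derived at setup equals the key derived later from the same password, a wrong password never yields a second value, and once the throttle trips the server withholds the second value even for the correct password. The code also makes the split of secrets visible: the key depends on the secret user value held only by the user computer and on the secret server value held only by the server, so neither party's storage alone is enough to compute it, and password guesses have to go through `Server.respond`, where they are counted.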
13. A computer program product, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform: providing at the user computer a secret user value; providing at the server a secret server value and a check value which encodes the secret user value and a user password; at the user computer, in response to input of an input password, encoding the secret user value and the input password to produce a first value corresponding to said check value, and communicating the first value to the server via the network; at the server, in response to communication of the first value, comparing the first value and the check value to check whether the input password equals the user password and, if so, encoding the first value and said secret server value to produce a second value and communicating the second value to the user computer via the network; and at the user computer, in response to communication of the second value, generating the secret cryptographic key by encoding the second value, the input password and the secret user value.
A computer program product: a non-transitory computer-readable storage medium holding program instructions that, when executed by a computer, carry out the same key-generation method as Claim 1. The instructions provide the secret user value at the user computer and the secret server value and check value at the server; produce and send the first value when an input password is entered; compare it with the check value at the server and, on a match, produce and return the second value; and generate the secret cryptographic key at the user computer from the second value, the input password and the secret user value.
14. A user computer for communicating with a server via a network to generate a secret cryptographic key of the user computer, said server storing a secret server value and a check value which encodes a secret user value of the user computer and a user password, wherein the user computer comprises memory for storing said secret user value, a user interface, a communications interface for communicating with the server via the network, and control logic adapted: in response to input via said user interface of an input password, to encode said secret user value and the input password to produce a first value corresponding to said check value, and to communicate the first value to the server via said communications interface; and in response to communication by the server of a second value produced by encoding the first value and said secret server value, to generate the secret cryptographic key by encoding the second value, the input password and the secret user value.
A user computer designed to communicate with a server to generate a secret cryptographic key. The server stores a secret server value and a check value (encoding of the user computer's secret user value and user password). The user computer includes memory for storing the secret user value, a user interface, and a communications interface. Control logic, when an input password is provided, encodes the secret user value and the input password to create a first value (corresponding to the server's check value) and sends it to the server. Upon receiving a second value (produced by the server encoding the first value and the secret server value), the control logic generates the secret cryptographic key by encoding the second value, the input password, and the secret user value.
15. A server for use in generating a secret cryptographic key of a user computer, storing a secret user value, which is connectable to the server via a network, the server comprising: memory for storing a secret server value and a check value which encodes said secret user value and a user password; a communications interface for communicating with the user computer via the network; and control logic adapted, in response to receipt from the user computer of a first value which corresponds to said check value and encodes said secret user value and an input password, to compare the first value and the check value to check whether said input password equals said user password and, if so, to encode the first value and said secret server value to produce a second value, and to communicate the second value to the user computer via said communications interface.
A server designed to be used in generating a secret cryptographic key for a user computer. It has memory for storing a secret server value and a check value (encoding the user computer's secret user value and the user password). It also has a communications interface to communicate with the user computer. Control logic, upon receiving a first value (encoding the secret user value and input password) from the user computer, compares it with the stored check value. If they match (the input password is correct), the server encodes the first value and the secret server value to produce a second value and sends this second value to the user computer.
December 19, 2017